BGP Prevent AS from being a Transit AS

netwizz
Contributor III
I have a BGP setup that looks like this, and although it is working great for two WAN circuits (for redundancy), I would rather advertise only local routes, though. Currently, I am doing an AS Pre-Pend to load-balance the incoming traffic a little, and it is working great in that if I go to another site and do a traceroute, I can confirm the subnets come in from the proper eBGP neighbors. In fact, if I do it from a BGP-enabled router, it even shows the AS PATH in the traceroute...

This works perfectly fine thus far but no filtering to only advertise local routes out:


router bgp
 local-as
 neighbor remote-as
 neighbor remote-as

 address-family ipv4 unicast
 redistribute connected
 neighbor  route-map out PreferBGP-A
 neighbor  route-map out PreferBGP-B
 exit-address-family

 address-family ipv6 unicast
 exit-address-family
!


route-map PreferBGP-A permit 10
 match ip address prefix-list Deliver-BGP-B
 set as-path prepend  
route-map PreferBGP-A permit 20
 match ip address prefix-list permitAny
!
route-map PreferBGP-B permit 10
 match ip address prefix-list Deliver-BGP-A
 set as-path prepend  
route-map PreferBGP-B permit 20
 match ip address prefix-list permitAny
!

ip prefix-list permitAny seq 5 permit 0.0.0.0/0 le 32
!
ip prefix-list Deliver-BGP-B seq 5 permit /21
ip prefix-list Deliver-BGP-B seq 10 permit /23
ip prefix-list Deliver-BGP-B seq 15 permit /24
!
ip prefix-list Deliver-BGP-A seq 5 permit /21
ip prefix-list Deliver-BGP-A seq 10 permit /21
ip prefix-list Deliver-BGP-A seq 15 permit /24
ip prefix-list Deliver-BGP-A seq 20 permit /28


If I do a 

SwitchName# show ip bgp neighbors  advertised-routes

I see at or about 400 advertised ro...

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/23675-27.html


I think I like the idea of the filter-list better:
https://networklessons.com/bgp/bgp-prevent-transit-as





Is there any issue with doing it either of these two ways?  This just happens to be on a 6610-24F

Thank you

1 REPLY 1

netwizz
Contributor III
I should respond back and indicate I did this as a filter-list, and it worked very well.  I was announcing about 392 routes though locally I had 9 subnets at this site.

After the tweak, I checked each neighbor and it is only announcing local routes.  The AS prepending I already have is still working perfectly.

I am checking with this:

sh ip bgp neighbors advertised-routes
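
Added example, not part of the original thread and not router configuration: a small Python model of the outbound policy discussed above, showing why an AS-path filter that permits only the empty path (`^$`, the usual form of the filter-list approach) stops transit advertisements while the existing prepend keeps working. The AS numbers, prefixes, the `PREPEND_LIST` stand-in for a `Deliver-BGP-*` prefix-list, and the choice to evaluate the filter before the prepend are all assumptions made for illustration.

```python
import ipaddress
import re

LOCAL_AS = 64496                  # assumption: documentation-range AS number
LOCAL_ONLY = re.compile(r"^$")    # AS-path filter: empty path = originated here

# Constructed BGP table: (prefix, AS_PATH as held locally; "" = locally originated)
BGP_TABLE = [
    ("192.0.2.0/24", ""),
    ("198.51.100.0/24", ""),
    ("203.0.113.0/24", "64500 64510"),   # learned from upstream A
    ("203.0.113.128/25", "64501"),       # learned from upstream B
]

# Hypothetical stand-in for a Deliver-BGP-* prefix-list (exact-match entries)
PREPEND_LIST = [ipaddress.ip_network("198.51.100.0/24")]


def advertise(table, use_filter_list, prepend_list=(), prepend_count=2):
    """Return {prefix: AS_PATH sent} toward one eBGP neighbor."""
    sent = {}
    for prefix, as_path in table:
        if use_filter_list and not LOCAL_ONLY.match(as_path):
            continue  # filter-list out: drop anything we did not originate
        hops = as_path.split()
        if ipaddress.ip_network(prefix) in prepend_list:
            hops = [str(LOCAL_AS)] * prepend_count + hops  # route-map prepend
        sent[prefix] = " ".join([str(LOCAL_AS)] + hops)    # eBGP adds our AS
    return sent


def transit_leaks(advertised):
    """Prefixes whose sent AS_PATH contains an AS other than our own."""
    return sorted(p for p, path in advertised.items()
                  if set(path.split()) != {str(LOCAL_AS)})


if __name__ == "__main__":
    for label, flag in (("no filter-list", False), ("filter-list ^$", True)):
        routes = advertise(BGP_TABLE, flag, PREPEND_LIST)
        print(label, "->", len(routes), "routes, leaks:", transit_leaks(routes))
        for prefix, path in routes.items():
            print("   ", prefix, "path:", path)
```

The same check applies to real `advertised-routes` output: any advertised prefix whose path contains an AS other than your own means the router is offering transit.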